Creating a Push Operation
To create a new push operation:
- Log in to the Endpoint Security Administrator Portal.
- Navigate to Asset Management > Push Operations.
-
Click Create operation.
The Create operation page appears. Select the required operation and the required actions.

-
In the Operation tab, select the required operation.
The supported operations are:
Table 1. Supported Push Operations Category Push Operations Windows macOS Linux Anti-Malware Scan for Malware Yes Yes Yes Update Malware Signature Database Yes Yes Yes Restore Files from Quarantine Yes Yes Yes Forensics and Remediation Analyze by Indicator Yes Yes No File Remediation Yes Yes Yes Isolate Computer Yes Yes No Release Computer Yes Yes No Agent Settings Deploy New Endpoints Yes No No Collect Client Logs Yes Yes No Collect Client Logs Offline Yes Yes No Repair Client Yes No No Shutdown Computer Yes Yes No Restart Computer Yes Yes No Uninstall Client Yes Yes No Application Scan Yes Yes No Kill Process Yes Yes No Remote Command Yes Yes Yes Search and Fetch files Yes Yes No Registry Actions Yes No No File Actions Yes Yes No VPN Site Yes Yes No Collect Processes Yes No No Run Diagnostics Yes Yes No Enable / Disable Self Protection Yes Yes No Collect Memory Dump Yes Yes No - Click Next.
-
In the Devices tab, configure the required devices.

- To perform a push operation for all organizational assets, select Entire organization.
- To perform a push operation for specific affected assets, select Custom and choose the affected devices.
- Click Next.
-
Configure the operation settings.
Table 2. Anti-Malware Operations Push Operations Description 2FA Required Scan for Malware Runs an Anti-Malware scan on the computer or computers, based on the configured settings. No Update Malware Signature Database Updates malware signatures on the computer or computers, based on the configured settings. No Restore Files from Quarantine Restores files from quarantine on the computer or computers, based on the configured settings.
To restore files from quarantine:
In the Full Path field, enter the path to file before it was quarantined including the file name. For example,
c:\temp\eicar.txt.Click OK.
No Table 3. Forensics and Remediation Operations Push Operations Description 2FA Required Analyze by Indicator Manually triggers collection of forensics data for an endpoint device that accesses or executes the indicator. The indicator can be a URL, an IP, a path, a file name or an MD5. No File Remediation Quarantines malicious files and remediates them as necessary.
To move or restore files from quarantine:
Click + and select the organization.
Click Update Selection.
Select the device and click Next.
Add Comment, optional comment about the action.
To move the files to quarantine, select Move the following files to quarantine.
To restore the files from quarantine, select Restore the following files from quarantine.
Click +.
-
From the drop-down:
-
Select Full file path or Incident ID:
In the Element field, enter the incident ID from the Endpoint Security Security client or enter the incident UID for the corresponding incident from the Logs menu in the Endpoint Security portal. To obtain the incident UID, open the log entry and expand the More section to view the incident UID.
Click OK.
-
Select MD5 Hash:
Enter or upload the Element.
Click OK.
-
Click Finish.
No Isolate Computer Makes it possible to isolate a specific device that is under malware attack and poses a risk of propagation. This action can be applied on one or more devices. The Firewall component must be installed on the client in order to perform isolation. Only DHCP, DNS and traffic to the management server are allowed. No Release Computer Removes device from isolation. This action can be applied on one or more devices. No Note:For Agent Settings operation descriptions (Deploy New Endpoints, Collect Client Logs, Repair Client, Shutdown/Restart Computer, Uninstall Client, Application Scan, Kill Process, Remote Command, Search and Fetch files, Registry Actions, File Actions, VPN Site, Collect Processes, Run Diagnostics, Enable/Disable Self Protection, Collect Memory Dump), see the Agent Settings section of the source snippet. - Click Next.
-
(Optional) In the Schedule tab, configure the schedule to run the operation.

-
In the Run Operation section:
To execute the operation immediately, select Immediately.
To schedule the date and time to run the operation, select Schedule and in the Date section, select the required date and time.
-
In the Expire on section, select the expiration time frame:
7 days
30 days
Custom
-
In the Run Operation section:
-
Click Next.
The Summary tab shows a summary of the selected operation.

- Click Create.